Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3848Out-of-bounds Write in Kernel

CWE-787Out-of-bounds Write14 documents8 sources
Severity
6.9MEDIUMNVD
EPSS
0.2%
top 64.11%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
7
Linux KernelCanonical Ubuntu LinuxDebian Linux+4 more
Timeline
PublishedDec 30
Latest updateMay 13

Description

Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages5 packages

NVDlinux/linux_kernel< 2.6.36.2

Also affects: Debian Linux 5.0, Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.10

Patches

Patch: openwall.comPatch: bugzilla.redhat.comPatch: openwall.com

🔴Vulnerability Details

4
GHSA
GHSA-jg69-hq9p-75r5: Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet2022-05-13
CVEList
CVE-2010-3848: Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet2010-12-30
Kernel
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.62010-11-29
Kernel
econet: fix CVE-2010-38482010-11-24

💥Exploits & PoCs

1
Exploit-DB
Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation2011-09-05

📋Vendor Advisories

7
Ubuntu
Linux kernel (OMAP4) vulnerabilities2011-04-20
Ubuntu
Linux Kernel vulnerabilities (Marvell Dove)2011-03-25
Ubuntu
Linux kernel vulnerabilities2011-03-03
Ubuntu
Linux kernel vulnerabilities2011-02-28
Ubuntu
Linux kernel vulnerabilities2011-02-25

💬Community

1
Bugzilla
CVE-2010-3848 CVE-2010-3849 CVE-2010-3850 kernel: multiple vulnerabilities in Linux AF_ECONET2010-10-19
CVE-2010-3848 — Out-of-bounds Write in Linux Kernel | cvebase